Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

...
This operating system is stored in firmware, and runs on the baseband processor. As far as I know, this baseband RTOS is always entirely proprietary. For instance, the RTOS inside Qualcomm baseband processors (in this specific case, the MSM6280) is called AMSS, built upon their own proprietary REX kernel, and is made up of 69 concurrent tasks, handling everything from USB to GPS. It runs on an ARMv5 processor.

The problem here is clear: these baseband processors and the proprietary, closed software they run are poorly understood, as there's no proper peer review. This is actually kind of weird, considering just how important these little bits of software are to the functioning of a modern communication device. You may think these baseband RTOS' are safe and secure, but that's not exactly the case (link). You may have the most secure mobile operating system in the world, but you're still running a second operating system that is poorly understood, poorly documented, proprietary, and all you have to go on are Qualcomm's Infineon's, and others' blue eyes.

So, we have a complete operating system, running on an ARM processor, without any exploit mitigation (or only very little of it), which automatically trusts every instruction, piece of code, or data it receives from the base station you're connected to. What could possibly go wrong?

BIOS?
This sort of thing has always been true for all general purpose computing platforms... I don't see the big [or new] threat. However, there are alternatives - the GNU Radio is one of them...

In all modern electronics there is a "trust" paradigm. And in all cases, that trust is vulnerable to exploitation. Even the chip manufacturer might have a security breach and end up with malware written directly to the hardware... so, if you use modern electronics, you are using an system that is open to many exploits - most non-obvious, and many not related to the end user OS...

Well, Klaatu was the alien's name (Gort was the robot), so if it's the alien equivalent of "sudo" then it seems like it would have to be a title, perhaps like addressing him as "Root." Perhaps that would also be the equivalent of "Captain" on one of the alien ships.

I always preferred "meega, nala kweesta", the phrase Stitch utters to purposely shock the court, which is apparently so offensive, half the bench faints and one robot even pukes up nuts/bolts/gears. Hilarious. ;)